Alberto, Yes, I agree. The child process that executes a script doesn't need those file descriptors, so they can be closed. Since openvpn uses the system() function to run scripts, and because the system() function doesn't close any file descriptors on its own, it would be necessary to write an alternate version of the function (unless it already exists somewhere) which closes the file descriptors between the fork and the execve calls.
James Alberto Gonzalez Iniesta <a...@inittab.org> said: > Hi, > > I got another bug report on Debian's openvpn package. It states that > openvpn's file descriptors are kept open while scripts are called. It > claims they should be closed. My C knowledge is far from make a patch > for this one :) And maybe you don't agree with this (James?). > > You can see the report here: > > http://bugs.debian.org/179551 > > Thanks. > > -- > Alberto Gonzalez Iniesta | They that give up essential liberty > agi@(agi.as|debian.org) | to obtain a little temporary safety > Encrypted mail preferred | deserve neither liberty nor safety. > > Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 > > > ------------------------------------------------------- > This SF.NET email is sponsored by: > SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! > http://www.vasoftware.com > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > --
